I am developing an App for Jira Cloud and have ask what uninstalling my App have do?

I am developing an App for Jira Cloud and have ask what uninstalling my App have do?

An installing my App makes a required JWT file to secret customers folder on my server.

Hi @matti.kiviharju,

Just to clarify, are you asking for advice about what your app needs to do if it receives an uninstallation lifecycle event? If so, it is very much dependent on your app, but it should probably record the fact that the app has been uninstalled. It should not completely remove the installation details since the app may be re-installed into the same tenant. To understand this, please see https://developer.atlassian.com/cloud/jira/platform/app-descriptor/#lifecycle.

Regards,
Dugald

What uninstallation progress post to server?

I read now this document: https://developer.atlassian.com/platform/marketplace/security-requirements/
Almost all requirements of these is made but I have to ask about JWT security about that links front-end currently will some times include a customer sub-domain to Jira Cloud like customersubdomain . atlassian . net to read JWT file of customer from secret folder. So can this cause a vulnerability? But there is no sharedSecret on a front-end or headers or URL query things. And we use Siemens Polarion ALM with build in non public SVN with automated ACL to repository projects with no access for non-authorized employees or suppliers/sub-contractors to project source code, ect. Ansd we not store JWT installation files in SVN even it’s not public.